Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!amdcad!ames!hao!boulder!sunybcs!bingvaxu!leah!itsgw!batcomputer!tedcrane
From: tedcrane@batcomputer.tn.cornell.edu (Ted Crane)
Newsgroups: comp.os.vms
Subject: Re: ACL's again
Message-ID: <2752@batcomputer.tn.cornell.edu>
Date: Thu, 29-Oct-87 15:50:34 EST
Article-I.D.: batcompu.2752
Posted: Thu Oct 29 15:50:34 1987
Date-Received: Wed, 4-Nov-87 02:04:08 EST
References: <8710231441.AA02608@ncsc.ARPA>
Reply-To: tedcrane@tcgould.tn.cornell.edu (Ted Crane)
Organization: Tompkins County Computing, Ithaca, NY
Lines: 23

In article <8710231441.AA02608@ncsc.ARPA> vtcf@NCSC.ARPA (Williams) writes:
>Is there a way to restrict the use of a certain image to a specific
>processor?

ACL's would be one way to go. Try an ACE of the format:

    (IDENTIFIER=SYS$NODE_xxx,ACCESS=EXECUTE)

where "xxx" is your node name.

You have to ensure that the protection check will fail if this ACE does not
match: make sure there are no other ACE's that conflict, and that the
protection bits are set to (S:RWED,O:RWED,G,W) (unless you don't want to grant
access to the system and owner).

I don't remember if there is a 'negated' identifier format in an ACE...if
there is, you could say

    (IDENTIFIER=.not.SYS$NODE_xxx,ACCESS=none)

and not have to worry about other ACE's or the protection bits.

PS: SYS$NODE_xxx is an identifier created automatically by VMS, but you may
choose to create it manually. It is granted to every user logged in on node
"xxx"--dynamically, as they log in, like the identifiers INTERACTIVE, BATCH,
LOCAL, REMOTE, etc.
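
Added example, not part of the original post and not VMS code: a simplified Python model of the access-check order the post relies on (the first ACE whose identifier the process holds decides, otherwise the protection mask does). It shows why the mask must leave G and W empty. The node names NODEA and NODEB, the helper names and the single-letter rights are assumptions made for illustration, and privileges such as BYPASS are ignored.

```python
# Simplified model of the VMS file access check (added example, constructed data).

def parse_protection(mask):
    """Parse '(S:RWED,O:RWED,G,W)' into {'S': {...}, 'O': {...}, 'G': set(), 'W': set()}."""
    prot = {}
    for field in mask.strip("()").split(","):
        cat, _, rights = field.strip().partition(":")
        prot[cat[0].upper()] = set(rights.upper())
    return prot

def check_access(held_ids, categories, acl, protection, want="E"):
    """Return (granted, reason).

    held_ids   -- identifiers the process holds, e.g. {'SYS$NODE_NODEA', 'INTERACTIVE'}
    categories -- protection categories the process falls into, e.g. {'W'} or {'O','G','W'}
    acl        -- ordered list of (identifier, rights) ACEs
    """
    prot = parse_protection(protection)

    def mask_grants(cats):
        return any(want in prot.get(c, set()) for c in cats)

    for ident, rights in acl:
        if ident in held_ids:
            if want in rights:
                return True, "granted by ACE " + ident
            # A denying ACE still leaves the system and owner fields in play.
            if mask_grants(categories & {"S", "O"}):
                return True, "granted by system/owner protection"
            return False, "denied by ACE " + ident
    # No ACE matched: the protection mask alone decides.
    if mask_grants(categories):
        return True, "granted by protection mask"
    return False, "no matching ACE and protection mask denies"

# The ACE from the post, with the constructed node name NODEA in place of "xxx".
ACL = [("SYS$NODE_NODEA", {"E"})]
STRICT = "(S:RWED,O:RWED,G,W)"        # mask recommended in the post
LOOSE = "(S:RWED,O:RWED,G:RE,W:RE)"   # constructed mask that leaves G and W open

if __name__ == "__main__":
    on_a = {"SYS$NODE_NODEA", "INTERACTIVE"}
    on_b = {"SYS$NODE_NODEB", "INTERACTIVE"}
    print(check_access(on_a, {"W"}, ACL, STRICT))            # allowed on NODEA
    print(check_access(on_b, {"W"}, ACL, STRICT))            # blocked on NODEB
    print(check_access(on_b, {"W"}, ACL, LOOSE))             # mask defeats the ACE
    print(check_access(on_b, {"O", "G", "W"}, ACL, STRICT))  # owner still gets in
```

The last case is the exception the post mentions: with O:RWED in the mask, the file's owner can run the image from any node.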